7172143d7affdc73f369c2ed47a5251e4e1231ba5d8c1937cf3eb8d1c2aaa335 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FortniteSeasonSwapper.exe
Size

2.0MB
Sample

241013-rve5pswclj
MD5

67c7e6877d498e90462e144a84d5eff5
SHA1

7d9b4073e418d3863006b9f789499a983a523f4d
SHA256

7172143d7affdc73f369c2ed47a5251e4e1231ba5d8c1937cf3eb8d1c2aaa335
SHA512

2a44914d305baaee05bcc5feca8332044c2a7f4df86254bfebf15af275a30f3fb5334a9982613550b3cbaa6f421a4c7b684811d6f98f149aba2e696e5cbdc17c
SSDEEP

49152:0hhDKl9vfcDNslafsbV8Dol4A3yUxrAYcPikkITuk8Wl7j+Gs9:0fDKl9nhw0bakl4A3yU2Vi3ITukBs9

Score

8^/10

execution

Malware Config

Targets

- Target
  
  FortniteSeasonSwapper.exe
- Size
  
  2.0MB
- MD5
  
  67c7e6877d498e90462e144a84d5eff5
- SHA1
  
  7d9b4073e418d3863006b9f789499a983a523f4d
- SHA256
  
  7172143d7affdc73f369c2ed47a5251e4e1231ba5d8c1937cf3eb8d1c2aaa335
- SHA512
  
  2a44914d305baaee05bcc5feca8332044c2a7f4df86254bfebf15af275a30f3fb5334a9982613550b3cbaa6f421a4c7b684811d6f98f149aba2e696e5cbdc17c
- SSDEEP
  
  49152:0hhDKl9vfcDNslafsbV8Dol4A3yUxrAYcPikkITuk8Wl7j+Gs9:0fDKl9nhw0bakl4A3yU2Vi3ITukBs9
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2